OpenSSL: how to setup an OCSP server for checking third-party certificates?

Posted by StackedCrooked on Super User See other posts from Super User or by StackedCrooked
Published on 2010-04-13T13:31:25Z Indexed on 2010/04/13 13:33 UTC
Read the original article Hit count: 439

Filed under:
|

I am testing the Certificate Revocation functionality of a CMTS device. This requires me to setup a OCSP responder. Since it will only be used for testing I assume that the minimal implementation provided by OpenSSL should suffice.

I have extracted the a certificate from a cable modem, copied it to my PC and converted it to the PEM format. Now I want to register it in the OpenSSL OCSP database and start a server.

I have completed all these steps, but when I do a client request my server invariably responds with "unknown". It seems to be completely unaware of my certificate's existence.

I would greatly appreciate if anyone would be willing to have a look at my code. For your convenience, I have created a single script consisting of a sequential list of all used commands, from setting up the CA until starting the server: http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/AllCommands.sh

You can also find the custom config file and the certificate that I am testing with: http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/

Any help would be greatly appreciated.

© Super User or respective owner

OpenSSL: how to setup an OCSP server for checking third-party certificates?

Posted by StackedCrooked on Server Fault See other posts from Server Fault or by StackedCrooked
Published on 2010-04-13T13:31:25Z Indexed on 2010/04/13 15:33 UTC
Read the original article Hit count: 439

Filed under:
|

I am testing the Certificate Revocation functionality of a CMTS device. This requires me to setup a OCSP responder. Since it will only be used for testing I assume that the minimal implementation provided by OpenSSL should suffice.

I have extracted the a certificate from a cable modem, copied it to my PC and converted it to the PEM format. Now I want to register it in the OpenSSL OCSP database and start a server.

I have completed all these steps, but when I do a client request my server invariably responds with "unknown". It seems to be completely unaware of my certificate's existence.

I would greatly appreciate if anyone would be willing to have a look at my code. For your convenience, I have created a single script consisting of a sequential list of all used commands, from setting up the CA until starting the server: http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/AllCommands.sh

You can also find the custom config file and the certificate that I am testing with: http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/

Any help would be greatly appreciated.

© Server Fault or respective owner

Related posts about openssl

Related posts about ocsp